by snazz 2071 days ago
I can't recommend directory-level encryption when full-disk encryption is so easy these days. It's a few clicks in the Fedora installer or a few commands with Arch Linux. It comes out of the box on new MacBooks and most new Windows laptops (although the more secure BitLocker option requires Windows 10 Pro).

Directory-level encryption is harder to set up and use—it requires typing your passphrase more often and makes you choose third-party software instead of using the features built into your operating system. Plus, lots of important files, like your browser's autofill information and other files that aren't considered "critical", are left wide open.

Encrypting your home directory is better than encrypting the "TOP SECRET" directory, but it's still just as hard as setting up full-disk encryption while being less effective.

1 comments

In my opinion, it's way harder (and riskier - screw it up and you can't boot, vs. log in as a different user and fix it in the case of critical dir, or same user and fix it if not). The Arch Wiki pages are far longer and more off-putting than running whatever you want post-boot in PAM or even ad hoc or from systemd/.profile if it isn't home dir.

And what's the difference in what you're protecting that affects the average user? Why stop at FDE - they should be worried about cold-boot attacks too, right!?